all: log changes

CHANGELOG.md

@@ -9,11 +9,11 @@ The format is based on [*Keep a Changelog*](https://keepachangelog.com/en/1.0.0/
 <!--
 ## [v0.108.0] – TBA
 
-## [v0.107.61] - 2025-04-22 (APPROX.)
+## [v0.107.62] - 2025-04-30 (APPROX.)
 
-See also the [v0.107.61 GitHub milestone][ms-v0.107.61].
+See also the [v0.107.62 GitHub milestone][ms-v0.107.62].
 
-[ms-v0.107.61]: https://github.com/AdguardTeam/AdGuardHome/milestone/96?closed=1
+[ms-v0.107.62]: https://github.com/AdguardTeam/AdGuardHome/milestone/97?closed=1
 
 NOTE: Add new changes BELOW THIS COMMENT.
 -->
@@ -21,6 +21,19 @@ NOTE: Add new changes BELOW THIS COMMENT.
 NOTE: Add new changes ABOVE THIS COMMENT.
 -->
 
+## [v0.107.61] - 2025-04-22
+
+See also the [v0.107.61 GitHub milestone][ms-v0.107.61].
+
+### Security
+
+- Any simultaneous requests that are considered duplicates will now only result in a single request to upstreams, reducing the chance of a cache poisoning attack succeeding.  This is controlled by the new configuration object `pending_requests`, which has a single `enabled` property, set to `true` by default.
+
+    **NOTE:** We thank [Xiang Li][mr-xiang-li] for reporting this security issue.  It's strongly recommended to leave it enabled, otherwise AdGuard Home will be vulnerable to untrusted clients.
+
+[mr-xiang-li]:  https://lixiang521.com/
+[ms-v0.107.61]: https://github.com/AdguardTeam/AdGuardHome/milestone/96?closed=1
+
 ## [v0.107.60] - 2025-04-14
 
 See also the [v0.107.60 GitHub milestone][ms-v0.107.60].
@@ -55,7 +68,7 @@ See also the [v0.107.60 GitHub milestone][ms-v0.107.60].
 [#7729]: https://github.com/AdguardTeam/AdGuardHome/issues/7729
 [#7734]: https://github.com/AdguardTeam/AdGuardHome/issues/7734
 
-[go-1.24.2]: https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk
+[go-1.24.2]:    https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk
 [ms-v0.107.60]: https://github.com/AdguardTeam/AdGuardHome/milestone/95?closed=1
 
 ## [v0.107.59] - 2025-03-21
@@ -3104,11 +3117,12 @@ See also the [v0.104.2 GitHub milestone][ms-v0.104.2].
 [ms-v0.104.2]: https://github.com/AdguardTeam/AdGuardHome/milestone/28?closed=1
 
 <!--
-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.61...HEAD
-[v0.107.61]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.60...v0.107.61
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.62...HEAD
+[v0.107.62]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.61...v0.107.62
 -->
 
-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.60...HEAD
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.61...HEAD
+[v0.107.61]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.60...v0.107.61
 [v0.107.60]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.59...v0.107.60
 [v0.107.59]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.58...v0.107.59
 [v0.107.58]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.57...v0.107.58

bamboo-specs/release.yaml

@@ -7,7 +7,7 @@
 # Make sure to sync any changes with the branch overrides below.
 'variables':
     'channel': 'edge'
-    'dockerFrontend': 'adguard/home-js-builder:3.0'
+    'dockerFrontend': 'adguard/home-js-builder:3.1'
     'dockerGo': 'adguard/go-builder:1.24.2--1'
 
 'stages':
@@ -278,7 +278,7 @@
         # need to build a few of these.
         'variables':
             'channel': 'beta'
-            'dockerFrontend': 'adguard/home-js-builder:3.0'
+            'dockerFrontend': 'adguard/home-js-builder:3.1'
             'dockerGo': 'adguard/go-builder:1.24.2--1'
     # release-vX.Y.Z branches are the branches from which the actual final
     # release is built.
@@ -294,5 +294,5 @@
         # are the ones that actually get released.
         'variables':
             'channel': 'release'
-            'dockerFrontend': 'adguard/home-js-builder:3.0'
+            'dockerFrontend': 'adguard/home-js-builder:3.1'
             'dockerGo': 'adguard/go-builder:1.24.2--1'

bamboo-specs/test.yaml

@@ -5,7 +5,7 @@
     'key': 'AHBRTSPECS'
     'name': 'AdGuard Home - Build and run tests'
 'variables':
-    'dockerFrontend': 'adguard/home-js-builder:3.0'
+    'dockerFrontend': 'adguard/home-js-builder:3.1'
     'dockerGo': 'adguard/go-builder:1.24.2--1'
     'channel': 'development'
 
@@ -233,6 +233,6 @@
         # Set the default release channel on the release branch to beta, as we
         # may need to build a few of these.
         'variables':
-            'dockerFrontend': 'adguard/home-js-builder:3.0'
+            'dockerFrontend': 'adguard/home-js-builder:3.1'
             'dockerGo': 'adguard/go-builder:1.24.2--1'
             'channel': 'candidate'

client/package.json

@@ -66,7 +66,7 @@
         "@babel/preset-react": "^7.24.1",
         "@playwright/test": "1.50.1",
         "@types/lodash": "^4.17.4",
-        "@types/node": "^22.10.2",
+        "@types/node": "^22.13.10",
         "@types/react": "^17.0.80",
         "@types/react-dom": "^18.3.0",
         "@types/react-redux": "^7.1.33",
@@ -99,7 +99,7 @@
         "stylelint": "^16.5.0",
         "ts-loader": "^9.5.1",
         "url-loader": "^4.1.1",
-        "vitest": "^3.0.4",
+        "vitest": "^3.1.1",
         "webpack": "^5.91.0",
         "webpack-cli": "^5.1.4",
         "webpack-dev-server": "^5.0.4",

client/src/__locales/bg.json

@@ -45,6 +45,7 @@
     "filter": "Филтър",
     "query_log": "История на заявките",
     "compact": "Compact",
+    "nothing_found": "Нищо не е намерено",
     "faq": "ЧЗВ",
     "version": "версия",
     "address": "Адрес",
@@ -65,14 +66,12 @@
     "stats_malware_phishing": "вируси/атаки",
     "stats_adult": "сайтове за възрастни",
     "stats_query_domain": "Най-отваряни страници",
-    "for_last_24_hours": "за последните 24 часа",
     "no_domains_found": "Няма намерени резултати",
     "requests_count": "Сума на заявките",
     "top_blocked_domains": "Най-блокирани страници",
     "top_clients": "Най-активни IP адреси",
     "no_clients_found": "Нямa намерени адреси",
     "general_statistics": "Обща статисика",
-    "number_of_dns_query_24_hours": "Сума на DNS заявки за последните 24 часа",
     "number_of_dns_query_blocked_24_hours": "Сума на блокирани DNS заявки от филтрите за реклама и местни",
     "number_of_dns_query_blocked_24_hours_by_sec": "Сума на блокирани DNS заявки от AdGuard свързани със сигурността",
     "number_of_dns_query_blocked_24_hours_adult": "Сума на блокирани сайтове за възрастни",
@@ -156,6 +155,7 @@
     "rule_added_to_custom_filtering_toast": "Добавено до местни правила за филтриране: {{rule}}",
     "default": "По подразбиране",
     "custom_ip": "Персонализиран IP",
+    "dnscrypt": "DNSCrypt",
     "dns_over_https": "DNS-пред-HTTPS",
     "dns_over_quic": "DNS-over-QUIC",
     "plain_dns": "Обикновен DNS",

client/src/__locales/nl.json

@@ -110,9 +110,9 @@
     "homepage": "Startpagina",
     "report_an_issue": "Rapporteer een probleem",
     "privacy_policy": "Privacybeleid",
-    "enable_protection": "Schakel bescherming in",
+    "enable_protection": "Bescherming inschakelen",
     "enabled_protection": "Bescherming ingeschakeld",
-    "disable_protection": "Schakel bescherming uit",
+    "disable_protection": "Bescherming uitschakelen",
     "disabled_protection": "Bescherming uitgeschakeld",
     "refresh_statics": "Ververs statistieken",
     "dns_query": "DNS-queries",
@@ -702,13 +702,13 @@
     "disable_for_hours": "Voor {{count}} uur",
     "disable_for_hours_plural": "Voor {{count}} uren",
     "disable_until_tomorrow": "Tot morgen",
-    "disable_notify_for_seconds": "Beveiliging uitschakelen voor {{count}} seconde",
-    "disable_notify_for_seconds_plural": "Beveiliging uitschakelen voor {{count}} seconden",
-    "disable_notify_for_minutes": "Beveiliging uitschakelen voor {{count}} minuut",
-    "disable_notify_for_minutes_plural": "Beveiliging uitschakelen voor {{count}} minuten",
-    "disable_notify_for_hours": "Beveiliging uitschakelen voor {{count}} uur",
-    "disable_notify_for_hours_plural": "Beveiliging uitschakelen voor {{count}} uren",
-    "disable_notify_until_tomorrow": "Beveiliging uitschakelen tot morgen",
+    "disable_notify_for_seconds": "Bescherming uitschakelen voor {{count}} seconde",
+    "disable_notify_for_seconds_plural": "Bescherming uitschakelen voor {{count}} seconden",
+    "disable_notify_for_minutes": "Bescherming uitschakelen voor {{count}} minuut",
+    "disable_notify_for_minutes_plural": "Bescherming uitschakelen voor {{count}} minuten",
+    "disable_notify_for_hours": "Bescherming uitschakelen voor {{count}} uur",
+    "disable_notify_for_hours_plural": "Bescherming uitschakelen voor {{count}} uren",
+    "disable_notify_until_tomorrow": "Bescherming uitschakelen tot morgen",
     "enable_protection_timer": "Bescherming wordt ingeschakeld over {{time}}",
     "custom_retention_input": "Voer retentie in uren in",
     "custom_rotation_input": "Voer rotatie in uren in",

client/src/__locales/no.json

@@ -264,7 +264,7 @@
     "custom_ip": "Tilpasset IP",
     "blocking_ipv4": "IPv4-blokkering",
     "blocking_ipv6": "IPv6-blokkering",
-    "blocked_response_ttl": "Blokkert svar TTL",
+    "blocked_response_ttl": "Blokkerte svars TTL",
     "dnscrypt": "DNSCrypt",
     "dns_over_https": "DNS-over-HTTPS",
     "dns_over_tls": "DNS-over-TLS",

client/src/components/Filters/CustomRules.tsx

@@ -78,6 +78,7 @@ class CustomRules extends Component<CustomRulesProps> {
                     <form onSubmit={this.handleSubmit}>
                         <div className="text-edit-container mb-4">
                             <textarea
+                                data-testid="custom_rule_textarea"
                                 className="form-control font-monospace text-input"
                                 value={userRules}
                                 onChange={this.handleChange}
@@ -91,6 +92,7 @@ class CustomRules extends Component<CustomRulesProps> {
 
                         <div className="card-actions">
                             <button
+                                data-testid="apply_custom_rule"
                                 className="btn btn-success btn-standard btn-large"
                                 type="submit"
                                 onClick={this.handleSubmit}>

client/src/components/Header/index.tsx

@@ -59,7 +59,7 @@ const Header = () => {
                     <div className="header__column">
                         <div className="header__right">
                             {!processingProfile && name && (
-                                <a href="control/logout" className="btn btn-sm btn-outline-secondary">
+                                <a href="control/logout" className="btn btn-sm btn-outline-secondary" data-testid="sign_out">
                                     {t('sign_out')}
                                 </a>
                             )}

client/src/components/Logs/Cells/index.tsx

@@ -288,7 +288,7 @@ const Row = memo(
         );
 
         return (
-            <div style={style} className={className} onClick={onClick} role="row">
+            <div style={style} className={className} onClick={onClick} role="row" data-testid="querylog_cell">
                 <DateCell {...rowProps} />
 
                 <DomainCell {...rowProps} />

client/src/components/Logs/Filters/Form.tsx

@@ -84,6 +84,7 @@ export const Form = ({ className, setIsLoading }: Props) => {
             }}>
             <div className="field__search">
                 <SearchField
+                    data-testid="querylog_search"
                     value={searchValue}
                     handleChange={(val) => setValue('search', val)}
                     onKeyDown={onEnterPress}

client/src/components/Settings/index.tsx

@@ -27,12 +27,14 @@ const SETTINGS = {
         enabled: false,
         title: i18next.t('use_adguard_browsing_sec'),
         subtitle: i18next.t('use_adguard_browsing_sec_hint'),
+        testId: 'safebrowsing',
         [ORDER_KEY]: 0,
     },
     parental: {
         enabled: false,
         title: i18next.t('use_adguard_parental'),
         subtitle: i18next.t('use_adguard_parental_hint'),
+        testId: 'parental',
         [ORDER_KEY]: 1,
     },
 };
@@ -90,11 +92,12 @@ class Settings extends Component<SettingsProps> {
     renderSettings = (settings: any) =>
         getObjectKeysSorted(SETTINGS, ORDER_KEY).map((key: any) => {
             const setting = settings[key];
-            const { enabled, title, subtitle } = setting;
+            const { enabled, title, subtitle, testId } = setting;
 
             return (
                 <div key={key} className="form__group form__group--checkbox">
                     <Checkbox
+                        data-testid={testId}
                         value={enabled}
                         title={title}
                         subtitle={subtitle}
@@ -118,6 +121,7 @@ class Settings extends Component<SettingsProps> {
             <>
                 <div className="form__group form__group--checkbox">
                     <Checkbox
+                        data-testid="safesearch"
                         value={enabled}
                         title={i18next.t('enforce_safe_search')}
                         subtitle={i18next.t('enforce_save_search_hint')}

client/src/components/ui/Footer.tsx

@@ -94,14 +94,17 @@ const Footer = () => {
             auto: {
                 desc: t('theme_auto_desc'),
                 icon: '#auto',
+                testId: 'theme_auto',
             },
             dark: {
                 desc: t('theme_dark_desc'),
                 icon: '#dark',
+                testId: 'theme_dark',
             },
             light: {
                 desc: t('theme_light_desc'),
                 icon: '#light',
+                testId: 'theme_light',
             },
         };
 
@@ -113,7 +116,9 @@ const Footer = () => {
                     type="button"
                     className="btn btn-sm btn-secondary footer__theme-button"
                     onClick={() => onThemeChange(theme)}
-                    title={content[theme].desc}>
+                    title={content[theme].desc}
+                    data-testid={content[theme].testId}
+                >
                     <svg className={cn('footer__theme-icon', { 'footer__theme-icon--active': currentValue === theme })}>
                         <use xlinkHref={content[theme].icon} />
                     </svg>

client/tests/e2e/control-panel.spec.ts

@@ -0,0 +1,34 @@
+import { test, expect } from '@playwright/test';
+import { ADMIN_USERNAME, ADMIN_PASSWORD } from '../constants';
+
+test.describe('Control Panel', () => {
+    test.beforeEach(async ({ page }) => {
+        await page.goto('/login.html');
+        await page.getByTestId('username').click();
+        await page.getByTestId('username').fill(ADMIN_USERNAME);
+        await page.getByTestId('password').click();
+        await page.getByTestId('password').fill(ADMIN_PASSWORD);
+        await page.keyboard.press('Tab');
+        await page.getByTestId('sign_in').click();
+        await page.waitForURL((url) => !url.href.endsWith('/login.html'));
+    });
+
+    test('should sign out successfully', async ({ page }) => {
+        await page.getByTestId('sign_out').click();
+
+        await page.waitForURL((url) => url.href.endsWith('/login.html'));
+
+        await expect(page.getByTestId('sign_in')).toBeVisible();
+    });
+
+    test('should change theme to dark and then light', async ({ page }) => {
+        await page.getByTestId('theme_dark').click();
+
+        await expect(page.locator('body[data-theme="dark"]')).toBeVisible();
+
+
+        await page.getByTestId('theme_light').click();
+
+        await expect(page.locator('body:not([data-theme="dark"])')).toBeVisible();
+    });
+});

client/tests/e2e/dns-settings.spec.ts

@@ -0,0 +1,52 @@
+import { test, expect, type Page } from '@playwright/test';
+import { ADMIN_USERNAME, ADMIN_PASSWORD } from '../constants';
+
+test.describe('DNS Settings', () => {
+    test.beforeEach(async ({ page }) => {
+        // Login before each test
+        await page.goto('/login.html');
+        await page.getByTestId('username').click();
+        await page.getByTestId('username').fill(ADMIN_USERNAME);
+        await page.getByTestId('password').click();
+        await page.getByTestId('password').fill(ADMIN_PASSWORD);
+        await page.keyboard.press('Tab');
+        await page.getByTestId('sign_in').click();
+        await page.waitForURL((url) => !url.href.endsWith('/login.html'));
+    });
+
+    const runDNSSettingsTest = async (page: Page, address: string) => {
+        await page.goto('/#dns');
+
+        const currentDns = await page.getByTestId('upstream_dns').inputValue();
+
+        await page.getByTestId('upstream_dns').fill(address);
+        await page.getByTestId('dns_upstream_test').click();
+
+        await page.waitForTimeout(2000);
+
+        await expect(page.getByTestId('upstream_dns')).toHaveValue(address);
+
+        await page.getByTestId('upstream_dns').fill(currentDns);
+        await page.getByTestId('dns_upstream_save').click({ force: true });
+    };
+
+    test('test for Default DNS', async ({ page }) => {
+        await runDNSSettingsTest(page, 'https://dns10.quad9.net/dns-query');
+    });
+
+    test('test for Plain DNS', async ({ page }) => {
+        await runDNSSettingsTest(page, '94.140.14.140');
+    });
+
+    test('test for DNS-over-HTTPS', async ({ page }) => {
+        await runDNSSettingsTest(page, 'https://unfiltered.adguard-dns.com/dns-query');
+    });
+
+    test('test for DNS-over-TLS', async ({ page }) => {
+        await runDNSSettingsTest(page, 'tls://unfiltered.adguard-dns.com');
+    });
+
+    test('test for DNS-over-QUIC', async ({ page }) => {
+        await runDNSSettingsTest(page, 'quic://unfiltered.adguard-dns.com');
+    });
+});

client/tests/e2e/filtering.spec.ts

@@ -0,0 +1,73 @@
+import { test, expect, type Page } from '@playwright/test';
+import { execSync } from 'child_process';
+import { ADMIN_USERNAME, ADMIN_PASSWORD } from '../constants';
+
+test.describe('Filtering', () => {
+    test.beforeEach(async ({ page }) => {
+        // Login before each test
+        await page.goto('/login.html');
+        await page.getByTestId('username').click();
+        await page.getByTestId('username').fill(ADMIN_USERNAME);
+        await page.getByTestId('password').click();
+        await page.getByTestId('password').fill(ADMIN_PASSWORD);
+        await page.keyboard.press('Tab');
+        await page.getByTestId('sign_in').click();
+        await page.waitForURL((url) => !url.href.endsWith('/login.html'));
+    });
+
+    const runTerminalCommand = (command: string) => {
+        try {
+            console.info(`Executing command: ${command}`);
+
+            const output = execSync(command, { encoding: 'utf-8', stdio: 'pipe' }).trim();
+
+            console.info('Command executed successfully.');
+            console.debug(`Command output:\n${output}`);
+
+            return output;
+        } catch (error: any) {
+            console.error(`Command execution failed with error:\n${error.message}`);
+            throw new Error(`Failed to execute command: ${command}\nError: ${error.message}`);
+        }
+    }
+
+    const runCustomRuleTest = async (page: Page, domain_to_block: string) => {
+        await page.goto('/#custom_rules');
+
+        await page.getByTestId('custom_rule_textarea').fill(domain_to_block);
+        await page.getByTestId('apply_custom_rule').click();
+
+        const nslookupBlockedResult = await runTerminalCommand(`nslookup ${domain_to_block} 127.0.0.1`).toString();
+
+        console.info(`nslookup blocked CNAME result: '${nslookupBlockedResult}'`);
+
+        const currentRules = await page.getByTestId('custom_rule_textarea').inputValue();
+        console.debug(`Current rules before removal:\n${currentRules}`);
+
+        if (currentRules.includes(domain_to_block)) {
+            const updatedRules = currentRules
+            .split('\n')
+            .filter((line) => line.trim() !== domain_to_block.trim())
+            .join('\n');
+
+            await page.getByTestId('custom_rule_textarea').fill(updatedRules);
+            console.info(`Rule '${domain_to_block}' removed successfully.`);
+
+            console.info('Applying the updated filtering rules after removal.');
+            await page.getByTestId('apply_custom_rule').click();
+
+            await page.waitForLoadState('domcontentloaded');
+
+            console.info(`Filtering rules successfully updated after removing '${domain_to_block}'.`);
+        } else {
+            console.warn(`Rule '${domain_to_block}' not found. No changes were made.`);
+        }
+
+        const nslookupUnblockedResult = await runTerminalCommand(`nslookup ${domain_to_block} 127.0.0.1`).toString();
+        console.info(`nslookup unblocked CNAME result: '${nslookupUnblockedResult}'`);
+    };
+
+    test('Test blocking rule for apple.com', async ({ page }) => {
+        await runCustomRuleTest(page, 'apple.com');
+    });
+});

client/tests/e2e/general-settings.spec.ts

@@ -0,0 +1,89 @@
+import { test, expect } from '@playwright/test';
+import { execSync } from 'child_process';
+import { ADMIN_USERNAME, ADMIN_PASSWORD } from '../constants';
+
+test.describe('General Settings', () => {
+    test.beforeEach(async ({ page }) => {
+        await page.goto('/login.html');
+        await page.getByTestId('username').click();
+        await page.getByTestId('username').fill(ADMIN_USERNAME);
+        await page.getByTestId('password').click();
+        await page.getByTestId('password').fill(ADMIN_PASSWORD);
+        await page.keyboard.press('Tab');
+        await page.getByTestId('sign_in').click();
+        await page.waitForURL((url) => !url.href.endsWith('/login.html'));
+    });
+
+    test('should toggle browsing security feature and verify DNS changes', async ({ page }) => {
+        await page.goto('/#settings');
+
+        const browsingSecurity = await page.getByTestId('safebrowsing');
+        const browsingSecurityLabel = await browsingSecurity.locator('xpath=following-sibling::*[1]');
+
+        const initialState = await browsingSecurity.isChecked();
+
+        if (!initialState) {
+            await browsingSecurityLabel.click();
+            await expect(browsingSecurity).toBeChecked();
+        }
+
+        const resultEnabled = execSync('nslookup totalvirus.com 127.0.0.1').toString();
+
+        await browsingSecurityLabel.click();
+        await expect(browsingSecurity).not.toBeChecked();
+
+        const resultDisabled = execSync('nslookup totalvirus.com 127.0.0.1').toString();
+
+        expect(resultEnabled).not.toEqual(resultDisabled);
+
+        if (initialState) {
+            await browsingSecurityLabel.click();
+            await expect(browsingSecurity).toBeChecked();
+        }
+    });
+
+    test('should toggle parental control feature and verify DNS changes', async ({ page }) => {
+        await page.goto('/#settings');
+
+        const parentalControl = page.getByTestId('parental');
+        const parentalControlLabel = await parentalControl.locator('xpath=following-sibling::*[1]');
+
+        const initialState = await parentalControl.isChecked();
+
+        if (!initialState) {
+            await parentalControlLabel.click();
+            await expect(parentalControl).toBeChecked();
+        }
+
+        const resultEnabled = execSync('nslookup pornhub.com 127.0.0.1').toString();
+
+        await parentalControlLabel.click();
+        await expect(parentalControl).not.toBeChecked();
+
+        const resultDisabled = execSync('nslookup pornhub.com 127.0.0.1').toString();
+
+        expect(resultEnabled).not.toEqual(resultDisabled);
+
+        if (initialState) {
+            await parentalControlLabel.click();
+            await expect(parentalControl).toBeChecked();
+        }
+    });
+
+    test('should toggle safe search feature', async ({ page }) => {
+        await page.goto('/#settings');
+
+        const safeSearch = page.getByTestId('safesearch');
+        const safeSearchLabel = await safeSearch.locator('xpath=following-sibling::*[1]');
+
+        const initialState = await safeSearch.isChecked();
+
+        await safeSearchLabel.click();
+
+        await expect(safeSearch).not.toBeChecked({ checked: initialState });
+
+        await safeSearchLabel.click();
+
+        await expect(safeSearch).toBeChecked({ checked: initialState });
+    });
+});

client/tests/e2e/querylog.spec.ts

@@ -0,0 +1,124 @@
+import { test, expect } from '@playwright/test';
+import { ADMIN_USERNAME, ADMIN_PASSWORD } from '../constants';
+
+test.describe('QueryLog', () => {
+    test.beforeEach(async ({ page }) => {
+        await page.goto('/login.html');
+        await page.getByTestId('username').click();
+        await page.getByTestId('username').fill(ADMIN_USERNAME);
+        await page.getByTestId('password').click();
+        await page.getByTestId('password').fill(ADMIN_PASSWORD);
+        await page.keyboard.press('Tab');
+        await page.getByTestId('sign_in').click();
+        await page.waitForURL((url) => !url.href.endsWith('/login.html'));
+    });
+
+    test('Search of queryLog should work correctly', async ({ page }) => {
+        await page.route('/control/querylog', async (route) => {
+            await route.fulfill({
+                status: 200,
+                contentType: 'application/json',
+                body: JSON.stringify(
+                    {
+                        "data": [
+                            {
+                                "answer": [
+                                    {
+                                        "type": "A",
+                                        "value": "77.88.44.242",
+                                        "ttl": 294
+                                    },
+                                    {
+                                        "type": "A",
+                                        "value": "5.255.255.242",
+                                        "ttl": 294
+                                    },
+                                    {
+                                        "type": "A",
+                                        "value": "77.88.55.242",
+                                        "ttl": 294
+                                    }
+                                ],
+                                "answer_dnssec": false,
+                                "cached": false,
+                                "client": "127.0.0.1",
+                                "client_info": {
+                                    "whois": {},
+                                    "name": "localhost",
+                                    "disallowed_rule": "127.0.0.1",
+                                    "disallowed": false
+                                },
+                                "client_proto": "",
+                                "elapsedMs": "78.163167",
+                                "question": {
+                                    "class": "IN",
+                                    "name": "ya.ru",
+                                    "type": "A"
+                                },
+                                "reason": "NotFilteredNotFound",
+                                "rules": [],
+                                "status": "NOERROR",
+                                "time": "2024-07-17T16:02:37.500662+02:00",
+                                "upstream": "https://dns10.quad9.net:443/dns-query"
+                            },
+                            {
+                                "answer": [
+                                    {
+                                        "type": "A",
+                                        "value": "77.88.55.242",
+                                        "ttl": 351
+                                    },
+                                    {
+                                        "type": "A",
+                                        "value": "77.88.44.242",
+                                        "ttl": 351
+                                    },
+                                    {
+                                        "type": "A",
+                                        "value": "5.255.255.242",
+                                        "ttl": 351
+                                    }
+                                ],
+                                "answer_dnssec": false,
+                                "cached": false,
+                                "client": "127.0.0.1",
+                                "client_info": {
+                                    "whois": {},
+                                    "name": "localhost",
+                                    "disallowed_rule": "127.0.0.1",
+                                    "disallowed": false
+                                },
+                                "client_proto": "",
+                                "elapsedMs": "5051.070708",
+                                "question": {
+                                    "class": "IN",
+                                    "name": "ya.ru",
+                                    "type": "A"
+                                },
+                                "reason": "NotFilteredNotFound",
+                                "rules": [],
+                                "status": "NOERROR",
+                                "time": "2024-07-17T16:02:37.4983+02:00",
+                                "upstream": "https://dns10.quad9.net:443/dns-query"
+                            }
+                        ],
+                        "oldest": "2024-07-17T16:02:37.4983+02:00"
+                    }
+                ),
+            });
+        });
+
+        await page.goto('/#logs');
+
+        await page.getByTestId('querylog_search').fill('127.0.0.1');
+
+        const [request] = await Promise.all([
+            page.waitForRequest((req) => req.url().includes('/control/querylog')),
+        ]);
+
+        if (request) {
+            expect(request.url()).toContain('search=127.0.0.1');
+            expect(await page.getByTestId('querylog_cell').first().isVisible()).toBe(true);
+        }
+    });
+});

go.mod

@@ -3,8 +3,8 @@ module github.com/AdguardTeam/AdGuardHome
 go 1.24.2
 
 require (
-	github.com/AdguardTeam/dnsproxy v0.75.2
-	github.com/AdguardTeam/golibs v0.32.7
+	github.com/AdguardTeam/dnsproxy v0.75.3
+	github.com/AdguardTeam/golibs v0.32.8
 	github.com/AdguardTeam/urlfilter v0.20.0
 	github.com/NYTimes/gziphandler v1.1.1
 	github.com/ameshkov/dnscrypt/v2 v2.4.0
@@ -34,7 +34,7 @@ require (
 	github.com/ti-mo/netfilter v0.5.2
 	go.etcd.io/bbolt v1.4.0
 	golang.org/x/crypto v0.37.0
-	golang.org/x/exp v0.0.0-20250305212735-054e65f0b394
+	golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0
 	golang.org/x/net v0.39.0
 	golang.org/x/sys v0.32.0
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1
@@ -43,12 +43,12 @@ require (
 )
 
 require (
-	cloud.google.com/go v0.120.0 // indirect
-	cloud.google.com/go/ai v0.10.1 // indirect
-	cloud.google.com/go/auth v0.15.0 // indirect
+	cloud.google.com/go v0.120.1 // indirect
+	cloud.google.com/go/ai v0.10.2 // indirect
+	cloud.google.com/go/auth v0.16.0 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
 	cloud.google.com/go/compute/metadata v0.6.0 // indirect
-	cloud.google.com/go/longrunning v0.6.6 // indirect
+	cloud.google.com/go/longrunning v0.6.7 // indirect
 	github.com/BurntSushi/toml v1.5.0 // indirect
 	github.com/ameshkov/dnsstamps v1.0.3 // indirect
 	github.com/beefsack/go-rate v0.0.0-20220214233405-116f4ca011a0 // indirect
@@ -90,25 +90,25 @@ require (
 	go.opentelemetry.io/otel/trace v1.35.0 // indirect
 	go.uber.org/automaxprocs v1.6.0 // indirect
 	go.uber.org/mock v0.5.1 // indirect
-	golang.org/x/exp/typeparams v0.0.0-20250305212735-054e65f0b394 // indirect
+	golang.org/x/exp/typeparams v0.0.0-20250408133849-7e4ce0ab07d0 // indirect
 	golang.org/x/mod v0.24.0 // indirect
 	golang.org/x/oauth2 v0.29.0 // indirect
 	golang.org/x/sync v0.13.0 // indirect
-	golang.org/x/telemetry v0.0.0-20250406004356-f593adaf3fc1 // indirect
+	golang.org/x/telemetry v0.0.0-20250417124945-06ef541f3fa3 // indirect
 	golang.org/x/term v0.31.0 // indirect
 	golang.org/x/text v0.24.0 // indirect
 	golang.org/x/time v0.11.0 // indirect
 	golang.org/x/tools v0.32.0 // indirect
 	golang.org/x/vuln v1.1.4 // indirect
 	gonum.org/v1/gonum v0.16.0 // indirect
-	google.golang.org/api v0.228.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20250407143221-ac9807e6c755 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20250407143221-ac9807e6c755 // indirect
+	google.golang.org/api v0.229.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20250414145226-207652e42e2e // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250414145226-207652e42e2e // indirect
 	google.golang.org/grpc v1.71.1 // indirect
 	google.golang.org/protobuf v1.36.6 // indirect
 	honnef.co/go/tools v0.6.1 // indirect
 	mvdan.cc/editorconfig v0.3.0 // indirect
-	mvdan.cc/gofumpt v0.7.0 // indirect
+	mvdan.cc/gofumpt v0.8.0 // indirect
 	mvdan.cc/sh/v3 v3.11.0 // indirect
 	mvdan.cc/unparam v0.0.0-20250301125049-0df0534333a4 // indirect
 )

go.sum

@@ -1,19 +1,19 @@
-cloud.google.com/go v0.120.0 h1:wc6bgG9DHyKqF5/vQvX1CiZrtHnxJjBlKUyF9nP6meA=
-cloud.google.com/go v0.120.0/go.mod h1:/beW32s8/pGRuj4IILWQNd4uuebeT4dkOhKmkfit64Q=
-cloud.google.com/go/ai v0.10.1 h1:EU93KqYmMeOKgaBXAz2DshH2C/BzAT1P+iJORksLIic=
-cloud.google.com/go/ai v0.10.1/go.mod h1:sWWHZvmJ83BjuxAQtYEiA0SFTpijtbH+SXWFO14ri5A=
-cloud.google.com/go/auth v0.15.0 h1:Ly0u4aA5vG/fsSsxu98qCQBemXtAtJf+95z9HK+cxps=
-cloud.google.com/go/auth v0.15.0/go.mod h1:WJDGqZ1o9E9wKIL+IwStfyn/+s59zl4Bi+1KQNVXLZ8=
+cloud.google.com/go v0.120.1 h1:Z+5V7yd383+9617XDCyszmK5E4wJRJL+tquMfDj9hLM=
+cloud.google.com/go v0.120.1/go.mod h1:56Vs7sf/i2jYM6ZL9NYlC82r04PThNcPS5YgFmb0rp8=
+cloud.google.com/go/ai v0.10.2 h1:5NHzmZlRs+3kvlsVdjT0cTnLrjQdROJ/8VOljVfs+8o=
+cloud.google.com/go/ai v0.10.2/go.mod h1:xZuZuE9d3RgsR132meCnPadiU9XV0qXjpLr+P4J46eE=
+cloud.google.com/go/auth v0.16.0 h1:Pd8P1s9WkcrBE2n/PhAwKsdrR35V3Sg2II9B+ndM3CU=
+cloud.google.com/go/auth v0.16.0/go.mod h1:1howDHJ5IETh/LwYs3ZxvlkXF48aSqqJUM+5o02dNOI=
 cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIiLpZnkHRbnc=
 cloud.google.com/go/auth/oauth2adapt v0.2.8/go.mod h1:XQ9y31RkqZCcwJWNSx2Xvric3RrU88hAYYbjDWYDL+c=
 cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I=
 cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg=
-cloud.google.com/go/longrunning v0.6.6 h1:XJNDo5MUfMM05xK3ewpbSdmt7R2Zw+aQEMbdQR65Rbw=
-cloud.google.com/go/longrunning v0.6.6/go.mod h1:hyeGJUrPHcx0u2Uu1UFSoYZLn4lkMrccJig0t4FI7yw=
-github.com/AdguardTeam/dnsproxy v0.75.2 h1:bciOkzQh/GG8vcZGdFn6+rS3pu+2Npt9tbA4bNA/rsc=
-github.com/AdguardTeam/dnsproxy v0.75.2/go.mod h1:U/ouLftmXMIrkTAf8JepqbPuoQzsbXJo0Vxxn+LAdgA=
-github.com/AdguardTeam/golibs v0.32.7 h1:3dmGlAVgmvquCCwHsvEl58KKcRAK3z1UnjMnwSIeDH4=
-github.com/AdguardTeam/golibs v0.32.7/go.mod h1:bE8KV1zqTzgZjmjFyBJ9f9O5DEKO717r7e57j1HclJA=
+cloud.google.com/go/longrunning v0.6.7 h1:IGtfDWHhQCgCjwQjV9iiLnUta9LBCo8R9QmAFsS/PrE=
+cloud.google.com/go/longrunning v0.6.7/go.mod h1:EAFV3IZAKmM56TyiE6VAP3VoTzhZzySwI/YI1s/nRsY=
+github.com/AdguardTeam/dnsproxy v0.75.3 h1:pxlMNO+cP1A3px40PY/old6SAE82pkdLPUA2P3KY8u0=
+github.com/AdguardTeam/dnsproxy v0.75.3/go.mod h1:50OyTHao+uQzUJiXay08hgfvWQ3o2Q2WV99W8u8ypDE=
+github.com/AdguardTeam/golibs v0.32.8 h1:O3mc3kYcPkW3kbmd+gqzFNgUka13a+iBgFLThwOYSQE=
+github.com/AdguardTeam/golibs v0.32.8/go.mod h1:McV1QFFlKLElKa306V4OL/T2kr7564PhsayfvTWYBVs=
 github.com/AdguardTeam/urlfilter v0.20.0 h1:X32qiuVCVd8WDYCEsbdZKfXMzwdVqrdulamtUi4rmzs=
 github.com/AdguardTeam/urlfilter v0.20.0/go.mod h1:gjrywLTxfJh6JOkwi9SU+frhP7kVVEZ5exFGkR99qpk=
 github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg=
@@ -205,10 +205,10 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
 golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc=
-golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 h1:nDVHiLt8aIbd/VzvPWN6kSOPE7+F/fNFDSXLVYkE/Iw=
-golang.org/x/exp v0.0.0-20250305212735-054e65f0b394/go.mod h1:sIifuuw/Yco/y6yb6+bDNfyeQ/MdPUy/hKEMYQV17cM=
-golang.org/x/exp/typeparams v0.0.0-20250305212735-054e65f0b394 h1:VI4qDpTkfFaCXEPrbojidLgVQhj2x4nzTccG0hjaLlU=
-golang.org/x/exp/typeparams v0.0.0-20250305212735-054e65f0b394/go.mod h1:LKZHyeOpPuZcMgxeHjJp4p5yvxrCX1xDvH10zYHhjjQ=
+golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0 h1:R84qjqJb5nVJMxqWYb3np9L5ZsaDtB+a39EqjV0JSUM=
+golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0/go.mod h1:S9Xr4PYopiDyqSyp5NjCrhFrqg6A5zA2E/iPHPhqnS8=
+golang.org/x/exp/typeparams v0.0.0-20250408133849-7e4ce0ab07d0 h1:oMe07YcizemJ09rs2kRkFYAp0pt4e1lYLwPWiEGMpXE=
+golang.org/x/exp/typeparams v0.0.0-20250408133849-7e4ce0ab07d0/go.mod h1:LKZHyeOpPuZcMgxeHjJp4p5yvxrCX1xDvH10zYHhjjQ=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
@@ -243,8 +243,8 @@ golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.4.1-0.20230131160137-e7d7f63158de/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20=
 golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/telemetry v0.0.0-20250406004356-f593adaf3fc1 h1:LxyDqgHX2VuimV2UQSNFpQxz+NRUUsh8ulNcP3WvNG0=
-golang.org/x/telemetry v0.0.0-20250406004356-f593adaf3fc1/go.mod h1:RoaXAWDwS90j6FxVKwJdBV+0HCU+llrKUGgJaxiKl6M=
+golang.org/x/telemetry v0.0.0-20250417124945-06ef541f3fa3 h1:RXY2+rSHXvxO2Y+gKrPjYVaEoGOqh3VEXFhnWAt1Irg=
+golang.org/x/telemetry v0.0.0-20250417124945-06ef541f3fa3/go.mod h1:RoaXAWDwS90j6FxVKwJdBV+0HCU+llrKUGgJaxiKl6M=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.31.0 h1:erwDkOK1Msy6offm1mOgvspSkslFnIGsFnxOKoufg3o=
 golang.org/x/term v0.31.0/go.mod h1:R4BeIy7D95HzImkxGkTW1UQTtP54tio2RyHz7PwK0aw=
@@ -268,12 +268,12 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
 gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
-google.golang.org/api v0.228.0 h1:X2DJ/uoWGnY5obVjewbp8icSL5U4FzuCfy9OjbLSnLs=
-google.golang.org/api v0.228.0/go.mod h1:wNvRS1Pbe8r4+IfBIniV8fwCpGwTrYa+kMUDiC5z5a4=
-google.golang.org/genproto/googleapis/api v0.0.0-20250407143221-ac9807e6c755 h1:AMLTAunltONNuzWgVPZXrjLWtXpsG6A3yLLPEoJ/IjU=
-google.golang.org/genproto/googleapis/api v0.0.0-20250407143221-ac9807e6c755/go.mod h1:2R6XrVC8Oc08GlNh8ujEpc7HkLiEZ16QeY7FxIs20ac=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250407143221-ac9807e6c755 h1:TwXJCGVREgQ/cl18iY0Z4wJCTL/GmW+Um2oSwZiZPnc=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250407143221-ac9807e6c755/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A=
+google.golang.org/api v0.229.0 h1:p98ymMtqeJ5i3lIBMj5MpR9kzIIgzpHHh8vQ+vgAzx8=
+google.golang.org/api v0.229.0/go.mod h1:wyDfmq5g1wYJWn29O22FDWN48P7Xcz0xz+LBpptYvB0=
+google.golang.org/genproto/googleapis/api v0.0.0-20250414145226-207652e42e2e h1:UdXH7Kzbj+Vzastr5nVfccbmFsmYNygVLSPk1pEfDoY=
+google.golang.org/genproto/googleapis/api v0.0.0-20250414145226-207652e42e2e/go.mod h1:085qFyf2+XaZlRdCgKNCIZ3afY2p4HHZdoIRpId8F4A=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250414145226-207652e42e2e h1:ztQaXfzEXTmCBvbtWYRhJxW+0iJcz2qXfd38/e9l7bA=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250414145226-207652e42e2e/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A=
 google.golang.org/grpc v1.71.1 h1:ffsFWr7ygTUscGPI0KKK6TLrGz0476KUvvsbqWK0rPI=
 google.golang.org/grpc v1.71.1/go.mod h1:H0GRtasmQOh9LkFoCPDu3ZrwUtD1YGE+b2vYBYd/8Ec=
 google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
@@ -292,8 +292,8 @@ howett.net/plist v1.0.1 h1:37GdZ8tP09Q35o9ych3ehygcsL+HqKSwzctveSlarvM=
 howett.net/plist v1.0.1/go.mod h1:lqaXoTrLY4hg8tnEzNru53gicrbv7rrk+2xJA/7hw9g=
 mvdan.cc/editorconfig v0.3.0 h1:D1D2wLYEYGpawWT5SpM5pRivgEgXjtEXwC9MWhEY0gQ=
 mvdan.cc/editorconfig v0.3.0/go.mod h1:NcJHuDtNOTEJ6251indKiWuzK6+VcrMuLzGMLKBFupQ=
-mvdan.cc/gofumpt v0.7.0 h1:bg91ttqXmi9y2xawvkuMXyvAA/1ZGJqYAEGjXuP0JXU=
-mvdan.cc/gofumpt v0.7.0/go.mod h1:txVFJy/Sc/mvaycET54pV8SW8gWxTlUuGHVEcncmNUo=
+mvdan.cc/gofumpt v0.8.0 h1:nZUCeC2ViFaerTcYKstMmfysj6uhQrA2vJe+2vwGU6k=
+mvdan.cc/gofumpt v0.8.0/go.mod h1:vEYnSzyGPmjvFkqJWtXkh79UwPWP9/HMxQdGEXZHjpg=
 mvdan.cc/sh/v3 v3.11.0 h1:q5h+XMDRfUGUedCqFFsjoFjrhwf2Mvtt1rkMvVz0blw=
 mvdan.cc/sh/v3 v3.11.0/go.mod h1:LRM+1NjoYCzuq/WZ6y44x14YNAI0NK7FLPeQSaFagGg=
 mvdan.cc/unparam v0.0.0-20250301125049-0df0534333a4 h1:WjUu4yQoT5BHT1w8Zu56SP8367OuBV5jvo+4Ulppyf8=

internal/dnsforward/config.go

@@ -281,6 +281,10 @@ type ServerConfig struct {
 
 	// ServePlainDNS defines if plain DNS is allowed for incoming requests.
 	ServePlainDNS bool
+
+	// PendingRequestsEnabled defines if duplicate requests should be forwarded
+	// to upstreams along with the original one.
+	PendingRequestsEnabled bool
 }
 
 // UpstreamMode is a enumeration of upstream mode representations.  See
@@ -324,6 +328,9 @@ func (s *Server) newProxyConfig() (conf *proxy.Config, err error) {
 		UsePrivateRDNS:            srvConf.UsePrivateRDNS,
 		PrivateSubnets:            s.privateNets,
 		MessageConstructor:        s,
+		PendingRequests: &proxy.PendingRequestsConfig{
+			Enabled: srvConf.PendingRequestsEnabled,
+		},
 	}
 
 	if srvConf.EDNSClientSubnet.UseCustom {

internal/home/config.go

@@ -261,6 +261,16 @@ type dnsConfig struct {
 	// HostsFileEnabled defines whether to use information from the system hosts
 	// file to resolve queries.
 	HostsFileEnabled bool `yaml:"hostsfile_enabled"`
+
+	// PendingRequests configures duplicate requests policy.
+	PendingRequests *pendingRequests `yaml:"pending_requests"`
+}
+
+// pendingRequests is a block with pending requests configuration.
+type pendingRequests struct {
+	// Enabled controls if duplicate requests should be sent to the upstreams
+	// along with the original one.
+	Enabled bool `yaml:"enabled"`
 }
 
 type tlsConfigSettings struct {
@@ -380,6 +390,9 @@ var config = &configuration{
 		UsePrivateRDNS:   true,
 		ServePlainDNS:    true,
 		HostsFileEnabled: true,
+		PendingRequests: &pendingRequests{
+			Enabled: true,
+		},
 	},
 	TLS: tlsConfigSettings{
 		PortHTTPS:       defaultPortHTTPS,

internal/home/dns.go

@@ -272,6 +272,7 @@ func newServerConfig(
 		ServeHTTP3:             dnsConf.ServeHTTP3,
 		UseHTTP3Upstreams:      dnsConf.UseHTTP3Upstreams,
 		ServePlainDNS:          dnsConf.ServePlainDNS,
+		PendingRequestsEnabled: dnsConf.PendingRequests.Enabled,
 	}
 
 	var initialAddresses []netip.Addr

internal/stats/unit.go

@@ -64,7 +64,7 @@ type Entry struct {
 	Domain string
 
 	// UpstreamStats contains the DNS query statistics for both the upstream and
-	// fallback DNS servers.
+	// fallback DNS servers.  Don't modify items in the slice.
 	UpstreamStats []*proxy.UpstreamStatistics
 
 	// Result is the result of processing the request.